Security breach affected 50 million accounts, Facebook says

The vulnerability that allowed attackers to take over user's Facebook accounts has been fixed and law enforcement has been contacted, according to a security update posted online Friday by Guy Rosen, Facebook's vice-president of product management.

Attackers used a vulnerability in the code for the "View As" feature that allows users to view how others see their profile, the update states. Facebook temporarily disabled the feature while its investigation into the exploit continued.

According to the statement by Rosen:

"Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed. We also don’t know who’s behind these attacks or where they’re based. We’re working hard to better understand these details — and we will update this post when we have more information, or if the facts change. In addition, if we find more affected accounts, we will immediately reset their access tokens."